Abstract

Two distinct algorithms are presented to extract (schemata of) resolution
proofs from closed tableaux for propositional schemata [4]. The
first one handles the most efficient version of the tableau calculus but
generates very complex derivations (denoted by rather elaborate rewrite
systems). The second one has the advantage that much simpler systems
can be obtained; however, the considered proof procedure is less efficient.

In O H] a tableau calculus (called Stab) is presented for reasoning on 
schemata of propositional problems. This proof procedure is able to test the 
validity of logical formulae built on a set of indexed propositional symbols, using
generalized connectives such as $\bigvee_{i=1}^{n}$ or $\bigwedge_{i=1}^{n}$, where $i$, $n$ are part of the language
(n denotes a parameter, i.e. an existentially quantified variable). A schema is 
unsatisfiable iff it is unsatisfiable for every value of n. Stab combines the usual 
expansion rules of propositional logic with some delayed instantiation schemes 
that perform a case-analysis on the value of the parameter n. Termination is 
ensured for a specific class of schemata, called regular, thanks to a loop detection 
rule which is able to prune infinite tableaux into finite ones, by encoding a form
of mathematical induction (by "descente infinie"). A related algorithm, called
Dpll* and based on an extension of the Davis-Putnam-Logemann-Loveland 
procedure, is presented in [3]. 

In the present work, we show that resolution proofs can be automatically
extracted from the closed tableaux constructed by Stab or Dpll* on unsatisfiable
schemata. More precisely, we present an algorithm that, given a closed tableau
$\mathcal{T}$ for a schema $\phi_n$, returns a schema of a refutation of $\phi_n$ in the resolution
calculus [9]. In the usual propositional case, it is well-known that algorithms
exist to extract resolution proofs from closed tableaux constructed either by the
usual structural rules [11, 13] or by the DPLL algorithm [6]. The resolution
proofs are used in various applications, for instance for certification [14],
for abstraction-refinement [10] or for explanations generation [8]. The present
paper extends these techniques to propositional schemata. Besides the previously
mentioned applications, this turned out to be particularly important in
the context of the ASAP project [1] in which schemata calculi are applied to
the formalisation and analysis of mathematical proofs via cut-elimination. Indeed,
the algorithm used for cut-elimination, called CERES [5], explicitly relies
on the existence of a resolution proof of the so-called characteristic clause set
extracted from the initial proof. The cut-free proof is reconstructed from this 
refutation, by replacing the clauses occurring in this set by some "projections" 
of the original proof. While Stab and Dpll* are able to detect the unsat- 
isfiability of characteristic clause sets, as such this is completely useless since 
actually it is known that those sets are always unsatisfiable (see Proposition 3.2 
in [5]). It is thus essential to be able to generate explicitly a representation of 
the resolution proof. This is precisely the aim of the present paper. Since the 
initial formula depends on a parameter n, its proof will also depend on n (except 
in very particular and trivial cases) , i.e. it must be a schema of resolution proof 
(which will be encoded by recursive definitions). 

The rest of the paper is structured as follows. In Section 1 we introduce
the basic notions and notations used throughout our work, in particular the
logic of propositional schemata (syntax and semantics). In Section 2 we define a
tableau-based proof procedure for this logic. This calculus simulates both Stab
and Dpll* (for the specific class of schemata considered in the present paper).
In Section 3 we provide an algorithm to extract resolution proofs from closed
tableaux. Similarly to the formulas themselves, the constructed derivations are
represented by rewrite systems. In Section 4 we introduce a second algorithm
which generates simpler derivations but requires that one of the closure
rules defined in Section 2 (the so-called Loop Detection rule) be replaced by
a less powerful rule, called the Global Loop Detection rule. Section 5 briefly
concludes our work. 

1 Propositional schemata 

The definitions used in the present paper differ from the previous ones, but the
considered logic is equivalent to the class of regular schemata considered in [5] (it
is thus strictly less expressive than general schemata, for which the satisfiability
problem is undecidable). We consider three disjoint sets of symbols: a set of
arithmetic variables $\mathcal{V}$, a set of propositional variables $\Omega$, and a set of defined
symbols $\Upsilon$. Let $\prec$ be a total well-founded ordering on the symbols in $\Upsilon$. An
index expression is either a natural number or of the form $n + k$, where $n$
is an arithmetic variable and $k$ is a natural number. Let $I$ be a set of index
expressions. The set $\mathcal{F}(I)$ of formulae built on $I$ is inductively defined as follows:
if $p \in \Omega \cup \Upsilon$ and $\alpha \in I$ then $p_\alpha \in \mathcal{F}(I)$; $\top, \bot \in \mathcal{F}(I)$; and if $\phi, \psi \in \mathcal{F}(I)$ then
$\phi \vee \psi$, $\phi \wedge \psi$, $\phi \Rightarrow \psi$ and $\phi \Leftrightarrow \psi$ are in $\mathcal{F}(I)$.

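Definition 1 We assume that each element $\upsilon \in \Upsilon$ is mapped to two rewrite
rules $\rho^1_\upsilon$ and $\rho^0_\upsilon$ that are respectively of the form $\upsilon_{i+1} \to \phi$ (inductive case) and
$\upsilon_0 \to \psi$ (base case), where $\phi \in \mathcal{F}(\{i+1, i, 0\})$, $\psi \in \mathcal{F}(\{0\})$ and:

1. For every atom $\tau_\alpha$ occurring in $\phi$ such that $\tau \in \Upsilon$ we have either $\tau \prec \upsilon$
and $\alpha \in \{i+1, i, 0\}$ or $\tau = \upsilon$ and $\alpha \in \{0, i\}$.

2. For every atom $\tau_\alpha$ occurring in $\psi$ such that $\tau \in \Upsilon$ we have $\tau \prec \upsilon$ and
$\alpha = 0$.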



We denote by $\mathcal{R}$ the rewrite system $\{\rho^1_\upsilon, \rho^0_\upsilon \mid \upsilon \in \Upsilon\}$. The rules $\rho^1_\upsilon$ and $\rho^0_\upsilon$
are provided by the user; they encode the semantics of the defined symbols.

Proposition 2 $\mathcal{R}$ is convergent.

Proof. By Conditions 1 and 2 in Definition 1, the rules in $\mathcal{R}$ either strictly
decrease the values of the defined symbols occurring in the formula w.r.t. $\prec$ or
do not increase the value of these symbols but strictly decrease the value of
their indices. Thus termination is obvious. Confluence is then immediate since
the system is orthogonal. ■

For every formula $\phi$, we denote by $\phi\downarrow_{\mathcal{R}}$ the unique normal form of $\phi$.

A schema (of parameter $n$) is an element of $\mathcal{F}(\{0, n, n+1\})$. We denote by
$\phi\{n \leftarrow k\}$ the formula obtained from $\phi$ by replacing every occurrence of $n$ by
$k$. Obviously for any schema $\phi$, $\phi\{n \leftarrow k\} \in \mathcal{F}(\{0, k, k+1\})$. A propositional
formula is a formula $\phi \in \mathcal{F}(\mathbb{N})$ containing no defined symbols. Notice that if
$\phi \in \mathcal{F}(\mathbb{N})$ then $\phi\downarrow_{\mathcal{R}}$ is a propositional formula.

Proposition 3 If $\phi \in \mathcal{F}(\mathbb{N})$ then $\phi\downarrow_{\mathcal{R}}$ is a propositional formula.

Proof. By definition of $\mathcal{R}$, $\phi\downarrow_{\mathcal{R}} \in \mathcal{F}(\mathbb{N})$. Furthermore, if $\phi\downarrow_{\mathcal{R}}$ contains a defined
symbol $\upsilon$ then either $\rho^1_\upsilon$ or $\rho^0_\upsilon$ applies, which is impossible. ■

An interpretation is a function mapping every arithmetic variable $n$ to a
natural number and every atom of the form $p_k$ (where $k \in \mathbb{N}$) to a truth value
true or false. An interpretation $I$ validates a propositional formula $\phi$ iff one of
the following conditions holds: $\phi$ is of the form $p_k$ and $I(p_k) = \text{true}$; $\phi$ is of the
form $\neg\psi$ and $I$ does not validate $\psi$; or $\phi$ is of the form $\psi_1 \vee \psi_2$ (resp. $\psi_1 \wedge \psi_2$)
and $I$ validates $\psi_1$ or $\psi_2$ (resp. $\psi_1$ and $\psi_2$). $I$ validates a schema $\phi$ (written
$I \models \phi$) iff $I$ validates $\phi\{n \leftarrow I(n)\}\downarrow_{\mathcal{R}}$. We write $\phi \models \psi$ if every interpretation
$I$ validating $\phi$ also validates $\psi$, and $\phi \equiv \psi$ if $\phi \models \psi$ and $\psi \models \phi$.

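Example 4 The schema $p_0 \wedge \bigwedge_{i=1}^{n}(p_{i-1} \Rightarrow p_i) \wedge \neg p_n$ is encoded by $p_0 \wedge \upsilon_n \wedge \neg p_n$,
where $\upsilon$ is defined by the rules: $\upsilon_{i+1} \to (\neg p_i \vee p_{i+1}) \wedge \upsilon_i$ and $\upsilon_0 \to \top$.

The schema $\bigvee_{i=1}^{n} p_i \wedge \bigwedge_{i=1}^{n} \neg p_i$ is encoded by $\tau_n \wedge \tau'_n$, where $\tau$ and $\tau'$ are
defined by the rules: $\tau_{i+1} \to p_{i+1} \vee \tau_i$, $\tau_0 \to \bot$, $\tau'_{i+1} \to \neg p_{i+1} \wedge \tau'_i$ and $\tau'_0 \to \top$.

Both schemata are obviously unsatisfiable.

The schema $(p_n \Leftrightarrow (p_{n-1} \Leftrightarrow (\cdots (p_1 \Leftrightarrow p_0) \cdots)))$ is defined by $\upsilon'_n$, where:
$\upsilon'_{i+1} \to (p_{i+1} \Leftrightarrow \upsilon'_i)$ and $\upsilon'_0 \to p_0$.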



2 Proof procedure 

In this section we define the proof procedure used to decide the validity of
propositional schemata. We assume for simplicity that the considered schemata
are in negative normal form and that the defined symbols occur only positively.¹

¹ If a defined symbol $\upsilon$ occurs negatively then it is easy to replace every literal of the form
$\neg\upsilon_\alpha$ by an atom $\overline{\upsilon}_\alpha$ where $\overline{\upsilon}$ denotes the complementary of $\upsilon$. The rewrite rules for $\overline{\upsilon}$ are
obtained by negating the right-hand side of the rules of $\upsilon$, e.g. the atom $\overline{\upsilon}$ corresponding
to the symbol $\upsilon$ in Example 4 is defined by the rewrite rules $\overline{\upsilon}_{i+1} \to (p_i \wedge \neg p_{i+1}) \vee \overline{\upsilon}_i$ and
$\overline{\upsilon}_0 \to \bot$.



The procedure is similar to the one presented in [3] and based on propositional
block tableaux [12]. It constructs a tree labeled by finite sets of schemata,
using expansion rules of the form $\frac{\Phi}{\Psi_1 \mid \cdots \mid \Psi_k}$, meaning that a leaf whose label
is of the form $\Phi \cup \Phi'$ (and does not already contain $\bot$) is expanded by adding $k$
children labeled by $\Phi' \cup \Psi_1, \ldots, \Phi' \cup \Psi_k$ respectively. If $\alpha$ is a node in $\mathcal{T}$, then
$\mathcal{T}(\alpha)$ denotes the label of $\alpha$. The expansion rules are defined as follows:

Normalisation: $\frac{\upsilon_\alpha}{\upsilon_\alpha\downarrow_{\mathcal{R}}}$ if $\upsilon_\alpha$ is reducible w.r.t. $\mathcal{R}$

$\vee$-Decomposition: $\frac{\phi \vee \psi}{\phi \mid \psi}$

$\wedge$-Decomposition: $\frac{\phi \wedge \psi}{\phi, \psi}$

Closure: $\frac{\phi, \neg\phi}{\bot}$

Purity rule: $\frac{p_{n+k}}{\emptyset}$ and $\frac{\neg p_{n+k}}{\emptyset}$ if $k > 0$ and the previous rules do not apply

Note that the notion of pure literal is much simpler here than in [2]. This is
due to the fact that no constant index distinct from $0$ and no index of the form
$i + k$ where $k > 1$ are allowed.

A node that is irreducible w.r.t. all the previous rules is called a layer. The
Loop Detection rule applies to nodes containing previously generated layers:

Loop Detection: if a non-leaf layer labeled by $\Phi$ exists in the tree

Note that the layer does not necessarily occur in the same branch as the one
on which the rule is applied. The essential point is that the set of schemata $\Phi$
has already been considered somewhere; consequently, if it has a model then an
open branch necessarily exists elsewhere in the tree.

Finally, the last rule performs a case analysis on $n$ (in this particular rule,
$\Phi$ denotes the whole label of the considered node):

Explosion: $\frac{\Phi}{\Phi\{n \leftarrow 0\} \mid \Phi\{n \leftarrow n+1\}}$ if no other rule applies and $n$ occurs in $\Phi$

A tableau is closed if the labels of all leaves contain $\bot$.

Theorem 5 The tableau expansion rules are terminating, i.e. there is no infinite
sequence $(\mathcal{T}_i)_{i \in \mathbb{N}}$ such that for every $i \in \mathbb{N}$, $\mathcal{T}_{i+1}$ is obtained from $\mathcal{T}_i$ by
applying one of the previous rules.

Proof. The termination of the rules Normalisation, Decomposition, Closure
and Loop Detection is obvious: indeed, the Normalisation rule strictly decreases
the value of the indices occurring in the formulae, whereas the other rules cannot
increase these indices and strictly reduce the size of the label (i.e. the number
of symbols). Thus we only have to show that the number of layers is finite. Let
$S$ be the set of layers generated by the expansion rules on a given set of schemata
of some parameter $n$. By definition, a layer is irreducible by the Decomposition
rules, thus every formula occurring in $\mathcal{T}(\alpha)$ where $\alpha \in S$ must be a literal. By
irreducibility w.r.t. the Normalisation and Purity rules, the indices of these
literals must be either $n$ or $0$. Since $\prec$ is well-founded, and since all labels are
finite, the number of symbols occurring in the tableau must be finite, hence the
set $\{\mathcal{T}(\alpha) \mid \alpha \in S\}$ is finite. By the order of application of the expansion rules,
the Explosion rule cannot be applied on two layers labeled by the same set of
formulae. Thus $S$ is finite. ■

The next theorem states that the calculus is correct: 

Theorem 6 If $\mathcal{T}$ contains an irreducible leaf not containing $\bot$, then the label
of the root of $\mathcal{T}$ is satisfiable.

Proof. Let $\alpha$ be the root of $\mathcal{T}$. The proof is by induction on the depth of the
irreducible node in $\mathcal{T}$.

• Assume that $\alpha$ is irreducible. $\alpha$ must be a layer, thus $\mathcal{T}(\alpha)$ is a set of
literals, indexed by the parameter $n$ or by $0$ (as shown in the proof of
Theorem 5). By irreducibility w.r.t. the Explosion rule, $n$ cannot occur in
the label. Thus $\mathcal{T}(\alpha)$ is a set of literals indexed by $0$. Furthermore, $\mathcal{T}(\alpha)$
cannot contain two complementary literals, hence must be satisfiable.

• If $\alpha$ is not irreducible, then some expansion rule must be applied on $\alpha$. The
rule cannot be the Closure rule, nor the Loop Detection rule (otherwise $\alpha$
would necessarily contain $\bot$). We distinguish several cases:

- If the $\wedge$-decomposition rule is applied on $\alpha$ then $\alpha$ has one child $\beta$.
By the induction hypothesis $\mathcal{T}(\beta)$ is satisfiable. By definition of the
rule, we have $\mathcal{T}(\alpha) \equiv \mathcal{T}(\beta)$ hence $\mathcal{T}(\alpha)$ is satisfiable.

- If the $\vee$-decomposition rule is applied on $\alpha$ then $\alpha$ has two children
$\beta_1$ and $\beta_2$. By definition, the irreducible node must occur in the
branch of $\beta_1$ or $\beta_2$, say $\beta_1$. By the induction hypothesis $\mathcal{T}(\beta_1)$ is
satisfiable. By definition of the rule, we have $\mathcal{T}(\beta_1) \models \mathcal{T}(\alpha)$ hence
$\mathcal{T}(\alpha)$ is satisfiable.

- If the Explosion rule is applied on $\alpha$ then $\alpha$ has two children $\beta_1$ and
$\beta_2$ corresponding to the case $n \leftarrow 0$ and $n \leftarrow n + 1$ respectively. By
definition, the irreducible node must occur in the branch of $\beta_1$ or $\beta_2$.
If it occurs in the branch of $\beta_1$, then by the induction hypothesis $\beta_1$
has a model $I$. Moreover, by definition of the rule $\mathcal{T}(\beta_1)$ contains
no occurrence of $n$ (since $n$ is replaced by $0$), thus the truth value of
$\mathcal{T}(\beta_1)$ is independent of the value of $n$. We may thus assume that
$I(n) = 0$. Then $I \models \mathcal{T}(\alpha)$ iff $I \models \mathcal{T}(\alpha)\{n \leftarrow 0\}$, i.e. iff $I \models \mathcal{T}(\beta_1)$.
Therefore, $I$ is a model of $\alpha$.

If the irreducible node is a descendant of $\beta_2$, then by the induction
hypothesis $\beta_2$ has a model $I$. Let $J$ be an interpretation coinciding
with $I$ except that $J(n) = I(n) + 1$. By definition, we have $J \models \mathcal{T}(\alpha)$
iff $I \models \mathcal{T}(\alpha)\{n \leftarrow n + 1\}$, i.e. if $I \models \mathcal{T}(\beta_2)$. Therefore, $J$ is a model
of $\alpha$.

- If the Purity rule is applied on $\alpha$, then $\alpha$ has one child $\beta$. We have
$\mathcal{T}(\alpha) = \mathcal{T}(\beta) \cup \{p_{n+k}\}$ (resp. $\mathcal{T}(\beta) \cup \{\neg p_{n+k}\}$), where $k > 0$. By the
induction hypothesis, $\mathcal{T}(\beta)$ has a model $I$. We remark that the truth
value of $\mathcal{T}(\beta)$ does not depend on the value of $p_{n+k}$. Indeed, $p_{n+k}$
cannot occur in $\mathcal{T}(\beta)$ (otherwise the Closure rule would be applicable
on $\mathcal{T}(\alpha)$, which is impossible). Furthermore, by irreducibility w.r.t.
the Normalisation rule, the indices of the defined symbols occurring
in $\alpha$ must be $0$ or $n$. Since the rewrite rules in $\mathcal{R}$ cannot increase
the value of these indices, the truth value of these indexed defined
symbols depends only on the values of the atoms indexed by
$I(n), I(n - 1), \ldots, I(0)$. Thus we may assume that $I(p_{n+k}) = \text{true}$
(resp. $I(p_{n+k}) = \text{false}$). Hence $I \models \mathcal{T}(\alpha)$.



We will not prove the converse (namely that the root of every closed tableau
is unsatisfiable), because this is subsumed by Theorem 15 in Section 3 (ensuring
the existence of a resolution proof for every instance of the root schema).

Example 7 The schema $\phi$: $p_0 \wedge \neg p_n \wedge \upsilon_n$, where $\upsilon$ is defined as in Example 4,
is unsatisfiable. For instance, $\phi\{n \leftarrow 2\}$ is $p_0 \wedge \neg p_2 \wedge (\neg p_0 \vee p_1) \wedge (\neg p_1 \vee p_2)$.
The reader can check that the expansion rules construct the following tableau.
The root is actually a layer, hence the Explosion rule is applied on it. The node
(3) is deduced by the Purity rule and closed by applying the Loop Detection
rule (with the root). The other rule applications are straightforward.

(7) $\phi$
    first child: (1) $p_0, \neg p_0, \upsilon_0$, closed by $\bot$
    second child: (6) $p_0, \neg p_{n+1}, \upsilon_{n+1}$
        (5) $p_0, \neg p_{n+1}, \upsilon_n, (\neg p_n \vee p_{n+1})$
            first child: (2) $p_0, \neg p_{n+1}, \upsilon_n, p_{n+1}$, closed by $\bot$
            second child: (4) $p_0, \neg p_{n+1}, \upsilon_n, \neg p_n$
                (3) $p_0, \upsilon_n, \neg p_n$, closed by $\bot$

The Dpll* procedure in [3] can be simulated by the previous expansion
rules, simply by adding for each propositional symbol $p \in \Omega$ a defined symbol
$\upsilon^p$ with two rules: $\upsilon^p_{i+1} \to ((p_i \vee \neg p_i) \wedge \upsilon^p_i)$ and $\upsilon^p_0 \to \top$. Then the case splitting
rule of the DPLL procedure on a variable $p$ corresponds to an application of the
$\wedge$-rule on $\upsilon^p_{n+1}\downarrow_{\mathcal{R}}$ (yielding $p_n \vee \neg p_n$) followed by an application of the $\vee$-rule on
$p_n \vee \neg p_n$. The propagation rule is then simulated by combining the $\vee$-rule and
the closure rule.²



3 Constructing resolution proofs 
3.1 Propositional resolution calculus 

We first briefly recall the notion of resolution inference (in propositional logic).
A literal is either an atom $p_k$ or the negation of an atom $\neg p_k$ (where $p \in \Omega$
and $k \in \mathbb{N}$). A clause is a (possibly empty) disjunction (or set) of literals. A
derivation from a set of clauses $S$ is a finite sequence $C_1, \ldots, C_m$ such that for
every $i \in [1, m]$, $C_i$ is either an element of $S$ or obtained from $C_1, \ldots, C_{i-1}$ by
applying the resolution rule, defined as follows: $\frac{p_k \vee \Delta \qquad \neg p_k \vee \Gamma}{\Delta \vee \Gamma}$

A refutation is a derivation containing $\bot$ (the empty clause). For any formula
$\phi$, $\Delta$ is a derivation from $\phi$ if it is a derivation from a clausal form of $\phi$.

It is well-known [9] that every unsatisfiable set of (propositional) clauses has
a refutation. In the context of propositional schemata, this means that every
instance $\phi\{n \leftarrow k\}\downarrow_{\mathcal{R}}$ of an unsatisfiable propositional schema $\phi$ of parameter
$n$ has a refutation $\Delta_k$ (which in general depends on $k$). The problem is then
to construct a representation of the sequence of refutations $\Delta_0, \Delta_1, \ldots, \Delta_k, \ldots$
This sequence may be seen as a schema of refutation which (similarly to the
semantics of the defined symbols) will be denoted by a system of rewrite rules.
From now on, we assume that the considered schema is in conjunctive normal form
(i.e. it contains no conjunctions inside disjunctions, even if these conjunctions
are "hidden" in the inductive definitions of the defined symbols, e.g. the schema
$p_n \vee \upsilon_n$, where $\upsilon$ is defined as in Example 4, is forbidden).



3.2 A language for representing refutations 

Additional definitions are needed to provide suitable formal languages for denoting
such schemata of derivations. Let $\mathcal{D}$ and $\mathcal{X}$ be two disjoint sets of symbols
(disjoint from $\mathcal{V}$, $\Omega$ and $\Upsilon$). The symbols in $\mathcal{D}$ are the $\Delta$-symbols and the ones
in $\mathcal{X}$ are the $\Delta$-variables. The symbols in $\mathcal{X}$ are intended to be instantiated
by schemata, whereas the symbols $d \in \mathcal{D}$ will denote schemata of refutations,
defined by induction (and possibly depending on an additional argument $\Delta$
denoting a formula). We assume that $\prec$ is extended into a well-founded ordering
on $\mathcal{D}$.

Formally, the set of $\Delta$-expressions is inductively defined as follows:

• All schemata and all $\Delta$-variables are $\Delta$-expressions.

• If $d \in \mathcal{D}$, $\alpha$ is an index expression and $\Delta$ is a $\Delta$-expression, then $d_\alpha$ and
$d_\alpha(\Delta)$ are $\Delta$-expressions.

• If $\Delta$ and $\Gamma$ are $\Delta$-expressions then $\Delta \vee \Gamma$, $\Delta \wedge \Gamma$ and $\Delta \cdot \Gamma$ are $\Delta$-expressions.

² This "trick" does not actually simulate the full procedure in [3], because the latter handles
schemata that are more complex than the ones considered in the present paper, possibly
containing nested iterations.

The expression $\Delta \cdot \Gamma$ is to be interpreted as the concatenation of two sequences
$\Delta$ and $\Gamma$. Note that $\Delta$-expressions can represent uniformly schemata of clauses,
schemata of clause sets, or schemata of derivations (i.e. schemata of sequences
of clauses). For the sake of conciseness and simplicity, the previous definition
does not ensure that the constructions are well-typed, e.g. we can consider
$\Delta$-expressions of the form $\Delta \vee \Gamma$ where $\Delta$ and $\Gamma$ are two sequences of clauses (which
obviously does not make sense: $\Delta$ and $\Gamma$ should rather be clauses). But in the
forthcoming definitions we will ensure that all the considered $\Delta$-expressions are
well-typed.

Example 8 Let $d \in \mathcal{D}$. Then $(p_2 \vee q_0) \cdot d_2(q_0) \cdot \neg q_0 \cdot \bot$ is a $\Delta$-expression.

A $\Delta$-expression is ground if it contains no index variable and no $\Delta$-variable.
In order to interpret (ground) $\Delta$-expressions, the value of the $\Delta$-symbols is
specified using a rewrite system, exactly as schemata can be transformed into
propositional formulas by interpreting the defined symbols (using the rewrite
system $\mathcal{R}$). The rewrite systems used in this section are more complicated than
in the previous one, since the symbols in $\mathcal{D}$ may have an additional argument.

A $\Delta$-substitution is a function mapping every arithmetic variable to an index
expression and every $\Delta$-variable to a $\Delta$-expression. If $\Delta$ is a $\Delta$-expression and
$\sigma$ is a $\Delta$-substitution, then $\Delta\sigma$ denotes the $\Delta$-expression obtained from $\Delta$ by
replacing every variable $x \in \mathcal{V} \cup \mathcal{X}$ by $\sigma(x)$.

Definition 9 A $\mathcal{D}$-system is a set of rewrite rules of the form $\Delta \to \Gamma$, where
$\Delta, \Gamma$ are two $\Delta$-expressions such that every arithmetic variable and every
$\Delta$-variable occurring in $\Gamma$ also occurs in $\Delta$. A $\mathcal{D}$-system is propositional if it
contains no $\Delta$-variables (it may contain arithmetic variables).

Given two $\Delta$-expressions $\Delta$ and $\Gamma$ and a $\mathcal{D}$-system $\mathfrak{R}$ we write $\Delta \to_{\mathfrak{R}} \Gamma$ if
there exists a rule $\Delta' \to \Gamma'$ in $\mathfrak{R}$ and a $\Delta$-substitution $\sigma$ such that $\Gamma$ is obtained
from $\Delta$ by replacing an occurrence of an expression $\Delta'\sigma$ by $\Gamma'\sigma$.

For matching, the associativity and commutativity of logical symbols are not
taken into account in general, except for conjunctions occurring at the root level
(this rather unusual convention is needed to ensure confluence without having
to bother about the order of the schemata at the root level). For instance the
rule $d(p \wedge ((r \wedge q) \vee \neg r)) \to p$ does not apply on $d(p \wedge (\neg r \vee (r \wedge q)))$ nor on
$d(p \wedge ((q \wedge r) \vee \neg r))$, but it applies on $d(((r \wedge q) \vee \neg r) \wedge p)$. Similarly, $d(p \wedge q) \to p$
applies on $d(p)$ by assuming $q = \top$.

Example 10 Consider the following rewrite system ($Z$ is a $\Delta$-variable).

$\{d_{i+1}(Z) \to (\neg p_{i+1} \vee p_i) \cdot (p_i \vee Z) \cdot d_i(Z),\ \ d_0(Z) \to \neg p_0 \cdot Z\}$

The reader can check that it reduces the $\Delta$-expression of Example 8 to:

$(p_2 \vee q_0) \cdot (\neg p_2 \vee p_1) \cdot (p_1 \vee q_0) \cdot (\neg p_1 \vee p_0) \cdot (p_0 \vee q_0) \cdot \neg p_0 \cdot q_0 \cdot \neg q_0 \cdot \bot$

This last expression is a refutation.

3.3 From closed tableaux to resolution proofs

Let $\mathcal{T}$ be a closed tableau of a schema $\phi$. The general idea is to construct,
from $\mathcal{T}$, a $\mathcal{D}$-system $\mathfrak{R}(\mathcal{T})$ representing a schema of refutation for $\phi$. Obviously,
$\mathfrak{R}(\mathcal{T})$ represents an inductive proof of the assertion: "for every $n \in \mathbb{N}$, the
corresponding instance of $\phi$ is unsatisfiable". Ideally, we would just refute the
base case, and then build a refutation of $\phi$ at $n + 1$ from a refutation of $\phi$ at $n$.
However, as often in inductive reasoning, we need to generalize the conjecture
in order to refute it properly. This is done as follows: recall that our aim is
to construct a refutation of $\phi$, i.e. a derivation of $\bot$ from $\phi$; instead, however,
$\mathfrak{R}(\mathcal{T})$ will describe how to build a derivation of $X$ from $\phi \vee X$, for any $X$
(formally, $X$ will be a $\Delta$-variable). Then, our original goal will be reached by
just substituting $\bot$ to $X$. In practice, we need to generalize this reasoning even
more since the construction of $\mathfrak{R}(\mathcal{T})$ is done by mapping every node $\alpha$ of
$\mathcal{T}$ to some rewrite rules. So, instead of considering only the root schema $\phi$, we
need to consider all the formulae $\{\phi_1, \ldots, \phi_k\}$ that occur in $\mathcal{T}(\alpha)$. And, instead
of building a derivation of $X$ from $\phi \vee X$, we build a derivation of $X_1 \vee \cdots \vee X_k$
from $(\phi_1 \vee X_1) \wedge \cdots \wedge (\phi_k \vee X_k)$, for some $\Delta$-variables $X_1, \ldots, X_k$. More precisely
we build a derivation of a clause $C \subseteq X_1 \vee \ldots \vee X_k$, since some formulae $\phi_i \vee X_i$
may be useless. We retrieve our original goal when we just substitute the root
of $\mathcal{T}$ to $\alpha$.

The following definition constructs a $\mathcal{D}$-system $\mathfrak{R}(\mathcal{T})$ and two $\Delta$-symbols $\nu^\alpha$
and $\mu^\alpha$ such that, if $\mathcal{T}(\alpha) = \{\phi_1, \ldots, \phi_k\}$ and $U$ denotes the formula $(\phi_1 \vee X_1) \wedge
\cdots \wedge (\phi_k \vee X_k)$ then $\mu^\alpha_n(U)$ denotes the above clause $C$ and $\nu^\alpha_n(U)$ denotes a
derivation of $C$ from $U$. This system is constructed by induction on the tableau.

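Definition 11 Let $\mathcal{T}$ be a tableau. We map every node $\alpha$ in $\mathcal{T}$ to two
$\Delta$-symbols $\nu^\alpha$ and $\mu^\alpha$. We assume that the symbols $\nu^\alpha$ and $\mu^\alpha$ are pairwise
distinct. The system of rules $\mathfrak{R}(\mathcal{T})$ is defined by the rules in $\mathcal{R}$ and the following
rules, for every node $\alpha$ in $\mathcal{T}$ (we distinguish several cases, according to the rule
applied on $\alpha$):

• If no rule is applied on $\alpha$:

$\nu^\alpha_n((\bot \vee X) \wedge Y) \to X$
$\mu^\alpha_n((\bot \vee X) \wedge Y) \to X$

• If the Normalisation rule is applied on $\alpha$, using a formula $\phi$ yielding a
node $\beta$:

$\nu^\alpha_n((\phi \vee X) \wedge Y) \to \nu^\beta_n((\phi\downarrow_{\mathcal{R}} \vee X) \wedge Y)$
$\mu^\alpha_n((\phi \vee X) \wedge Y) \to \mu^\beta_n((\phi\downarrow_{\mathcal{R}} \vee X) \wedge Y)$

• If the Closure rule is applied on $\alpha$, using $\phi$ and $\neg\phi$:

$\nu^\alpha_n((\phi \vee X) \wedge (\neg\phi \vee Y) \wedge Z) \to (\phi \vee X) \cdot (\neg\phi \vee Y) \cdot (X \vee Y)$
$\mu^\alpha_n((\phi \vee X) \wedge (\neg\phi \vee Y) \wedge Z) \to (X \vee Y)$

• If $\wedge$-Decomposition is applied on $\alpha$, yielding a child $\beta$:

$\nu^\alpha_n(((\phi_1 \wedge \phi_2) \vee X) \wedge Y) \to \nu^\beta_n((\phi_1 \vee X) \wedge (\phi_2 \vee X) \wedge Y)$
$\mu^\alpha_n(((\phi_1 \wedge \phi_2) \vee X) \wedge Y) \to \mu^\beta_n((\phi_1 \vee X) \wedge (\phi_2 \vee X) \wedge Y)$

• If $\vee$-Decomposition is applied on $\alpha$ using a formula $\phi_1 \vee \phi_2$ and yielding two
children $\beta_1$ and $\beta_2$:

$\nu^\alpha_n(((\phi_1 \vee \phi_2) \vee X) \wedge Y) \to \nu^{\beta_1}_n((\phi_1 \vee (\phi_2 \vee X)) \wedge Y) \cdot \nu^{\beta_2}_n(\mu^{\beta_1}_n((\phi_1 \vee (\phi_2 \vee X)) \wedge Y) \wedge Y)$
$\mu^\alpha_n(((\phi_1 \vee \phi_2) \vee X) \wedge Y) \to \mu^{\beta_2}_n(\mu^{\beta_1}_n((\phi_1 \vee (\phi_2 \vee X)) \wedge Y) \wedge Y)$

• If the Purity rule is applied on $\alpha$, on a formula $\phi$, yielding a node $\beta$:

$\nu^\alpha_n((\phi \vee X) \wedge Y) \to \nu^\beta_n(Y)$
$\mu^\alpha_n((\phi \vee X) \wedge Y) \to \mu^\beta_n(Y)$

• If the Loop Detection rule is applied on $\alpha$, using a layer $\beta$:

$\nu^\alpha_n(X) \to \nu^\beta_n(X)$
$\mu^\alpha_n(X) \to \mu^\beta_n(X)$

• If the Explosion rule is applied on $\alpha$, yielding two children $\beta_1$ and $\beta_2$,
corresponding to the cases $n \leftarrow 0$ and $n \leftarrow n + 1$ respectively:

$\nu^\alpha_0(X) \to \nu^{\beta_1}_0(X)$
$\nu^\alpha_{n+1}(X) \to \nu^{\beta_2}_n(X)$
$\mu^\alpha_0(X) \to \mu^{\beta_1}_0(X)$
$\mu^\alpha_{n+1}(X) \to \mu^{\beta_2}_n(X)$

Note that all the symbols $\phi, \phi_1, \phi_2$ denote meta-variables, and not
$\Delta$-variables (hence they cannot be instantiated during rewriting, in contrast to
$X, Y, \ldots$).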

Before establishing the properties of $\mathfrak{R}(\mathcal{T})$, we show an example of application:

Example 12 Consider the proof tree of Example 7. The reader can check that
$\mathfrak{R}(\mathcal{T})$ contains the following rules:

$\nu^1_n((p_0 \vee X) \wedge (\neg p_0 \vee Y) \wedge Z) \to (p_0 \vee X) \cdot (\neg p_0 \vee Y) \cdot (X \vee Y)$
$\mu^1_n((p_0 \vee X) \wedge (\neg p_0 \vee Y) \wedge Z) \to X \vee Y$
$\nu^2_n((p_{n+1} \vee X) \wedge (\neg p_{n+1} \vee Y) \wedge Z) \to (p_{n+1} \vee X) \cdot (\neg p_{n+1} \vee Y) \cdot (X \vee Y)$
$\mu^2_n((p_{n+1} \vee X) \wedge (\neg p_{n+1} \vee Y) \wedge Z) \to X \vee Y$
$\nu^3_n(X) \to \nu^7_n(X)$
$\mu^3_n(X) \to \mu^7_n(X)$
$\nu^4_n((\neg p_{n+1} \vee X) \wedge Y) \to \nu^3_n(Y)$
$\mu^4_n((\neg p_{n+1} \vee X) \wedge Y) \to \mu^3_n(Y)$
$\nu^5_n(((\neg p_n \vee p_{n+1}) \vee X) \wedge Y) \to \nu^2_n((p_{n+1} \vee (\neg p_n \vee X)) \wedge Y) \cdot \nu^4_n(\mu^2_n((p_{n+1} \vee (\neg p_n \vee X)) \wedge Y) \wedge Y)$
$\mu^5_n(((\neg p_n \vee p_{n+1}) \vee X) \wedge Y) \to \mu^4_n(\mu^2_n((p_{n+1} \vee (\neg p_n \vee X)) \wedge Y) \wedge Y)$
$\nu^6_n((\upsilon_{n+1} \vee X) \wedge Y) \to \nu^5_n(((\neg p_n \vee p_{n+1}) \vee X) \wedge \upsilon_n \wedge Y)$
$\mu^6_n((\upsilon_{n+1} \vee X) \wedge Y) \to \mu^5_n(((\neg p_n \vee p_{n+1}) \vee X) \wedge \upsilon_n \wedge Y)$
$\nu^7_0(X) \to \nu^1_0(X)$
$\mu^7_0(X) \to \mu^1_0(X)$
$\nu^7_{n+1}(X) \to \nu^6_n(X)$
$\mu^7_{n+1}(X) \to \mu^6_n(X)$

The $\Delta$-expression $\nu^7_n((p_0 \vee \bot) \wedge (\neg p_n \vee \bot) \wedge (\upsilon_n \vee \bot))$ denotes a refutation of
$p_0 \wedge \neg p_n \wedge \upsilon_n$. This rewrite system is complex and hardly readable; fortunately it
can be simplified by instantiating the arguments when possible and by statically
evaluating the derivations that do not depend on the value of the parameter $n$.
For instance the $\Delta$-symbol $\nu^7_n$ is only called on the formula $\Gamma_n = (p_0 \vee \bot) \wedge
(\neg p_n \vee \bot) \wedge (\upsilon_n \vee \bot)$. Thus the rule $\nu^7_0(X) \to \nu^1_0(X)$ may be simplified by
instantiating $X$ by $\Gamma_0$ and evaluating the right-hand side: $\nu^7_0(\Gamma_0) \to p_0 \cdot \neg p_0 \cdot \bot$

Similarly, the rule $\nu^7_{n+1}(X) \to \nu^6_n(X)$ can be replaced by the following rule (in
this case only a partial evaluation is possible since some parts of the derivation
depend on the value of $n$): $\nu^7_{n+1}(\Gamma_{n+1}) \to (\neg p_n \vee p_{n+1}) \cdot \neg p_{n+1} \cdot \neg p_n \cdot \nu^7_n(\Gamma_n)$

The obtained system (only containing the two previous rules) is obviously
much simpler than the original one, in particular it is propositional (no schema
variables occur in it). To improve readability, the expression $\nu^7_n(\Gamma_n)$ could be
simply replaced by a fresh symbol $\nu^7$ (with no argument).

We define the following relation $\prec_{\mathcal{T}}$ on the nodes in a tableau $\mathcal{T}$.

Definition 13 Let $\mathcal{T}$ be a tableau. $\prec_{\mathcal{T}}$ is the least transitive relation such that
$\alpha \prec_{\mathcal{T}} \beta$ if one of the following conditions holds:

1. Either $\alpha$ is a child of $\beta$, but $\alpha$ does not correspond to the "$n \leftarrow n + 1$"
branch of an Explosion rule. This is written $\alpha \prec^1_{\mathcal{T}} \beta$.

2. Or the Loop Detection rule has been applied on the node $\beta$, using the
layer $\alpha$. This is written $\alpha \prec^2_{\mathcal{T}} \beta$.
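The two simplified rules of Example 12 can be unfolded for a concrete value of the parameter and checked clause by clause. The following Python sketch is an added illustration, not code from the paper: the clause encoding and the function names (`instance_clauses`, `refutation`, `check_derivation`, `is_refutation`) are assumptions made here. It covers only the schema $p_0 \wedge \neg p_n \wedge \upsilon_n$ of Example 7.

```python
# Added illustration (not from the paper). A literal is a pair (sign, index):
# (True, 2) stands for p_2 and (False, 2) for ¬p_2. A clause is a frozenset
# of literals, and the empty frozenset is the empty clause ⊥.

EMPTY = frozenset()


def lit(sign, index):
    return (sign, index)


def clause(*lits):
    return frozenset(lits)


def instance_clauses(k):
    """Clausal form of p_0 ∧ ¬p_n ∧ υ_n at n = k, with υ unfolded by the rules
    υ_{i+1} → (¬p_i ∨ p_{i+1}) ∧ υ_i and υ_0 → ⊤ of Example 4."""
    clauses = {clause(lit(True, 0)), clause(lit(False, k))}
    i = k
    while i > 0:  # inductive rule: the index strictly decreases
        clauses.add(clause(lit(False, i - 1), lit(True, i)))
        i -= 1
    return clauses  # the base rule yields ⊤, which contributes no clause


def refutation(k):
    """Normal form of ν^7_k(Γ_k) under the two simplified rules of Example 12."""
    seq = []
    n = k
    while n > 0:
        # ν^7_{n+1}(Γ_{n+1}) → (¬p_n ∨ p_{n+1}) · ¬p_{n+1} · ¬p_n · ν^7_n(Γ_n)
        seq += [clause(lit(False, n - 1), lit(True, n)),
                clause(lit(False, n)),
                clause(lit(False, n - 1))]
        n -= 1
    # ν^7_0(Γ_0) → p_0 · ¬p_0 · ⊥
    seq += [clause(lit(True, 0)), clause(lit(False, 0)), EMPTY]
    return seq


def resolvents(c1, c2):
    """All clauses obtained from c1 and c2 by one propositional resolution step."""
    out = set()
    for sign, idx in c1:
        if (not sign, idx) in c2:
            out.add((c1 - {(sign, idx)}) | (c2 - {(not sign, idx)}))
    return out


def check_derivation(seq, premises):
    """Return the position of the first clause that is neither a premise nor a
    resolvent of two earlier clauses, or None if the sequence is a derivation."""
    for i, c in enumerate(seq):
        if c in premises:
            continue
        earlier = seq[:i]
        if any(c in resolvents(a, b) for a in earlier for b in earlier):
            continue
        return i
    return None


def is_refutation(k):
    """True iff the unfolded schema is a refutation of the instance n = k."""
    seq = refutation(k)
    return check_derivation(seq, instance_clauses(k)) is None and EMPTY in seq


if __name__ == "__main__":
    for k in range(5):
        print(k, len(refutation(k)), is_refutation(k))
```

Dropping a premise from the unfolded sequence makes `check_derivation` return the position of the first clause that can no longer be justified, which is a quick way to see which steps of the schema depend on which clauses of the instance.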



Proposition 14 Let $\mathcal{T}$ be a tableau. $\prec_{\mathcal{T}}$ is a strict partial order.

Proof. By definition, $\mathcal{T}$ has been obtained by a sequence of applications of the
expansion rules in Section 2. If $\alpha$ and $\beta$ are two non-leaf nodes in $\mathcal{T}$, we write
$\alpha \lhd \beta$ if the expansion rule on $\alpha$ has been applied before the one on $\beta$ during this
derivation, in chronological order (of course several derivations are possible, we
choose one of them arbitrarily). $\lhd$ is obviously an ordering. Furthermore, if we
have $\alpha \prec^2_{\mathcal{T}} \beta$ then by the application condition of the Loop Detection rule we
must have $\alpha \lhd \beta$, since when the rule is applied on $\beta$ the node $\alpha$ cannot be a
leaf, thus an expansion rule must already have been applied on it.

Assume that $\prec_{\mathcal{T}}$ is not an ordering. By definition $\prec_{\mathcal{T}}$ is transitive, thus
it must be reflexive, i.e. there is a node $\alpha$ such that $\alpha \prec_{\mathcal{T}} \alpha$. By definition
of $\prec_{\mathcal{T}}$ this means that there exists a sequence of nodes $\beta_1, \ldots, \beta_k$ such that
$\beta_1 = \beta_k = \alpha$ and for every $i \in [1, k-1]$, $\beta_i \prec^\epsilon_{\mathcal{T}} \beta_{i+1}$ (with $\epsilon = 1, 2$). If for every
$i \in [1, k-1]$ we have $\beta_i \prec^1_{\mathcal{T}} \beta_{i+1}$ then for all $i \in [1, k-1]$ $\beta_i$ is a child of $\beta_{i+1}$,
which implies that there is a (non trivial) path in the tableau from $\alpha$ to $\alpha$. This
is impossible. Thus there is at least one node $\beta_{i+1}$ such that the Loop Detection
rule is applied on $\beta_{i+1}$. W.l.o.g. we can assume that $i + 1 = k$. If for every
$i \in [1, k-1]$ we have $\beta_i \prec^2_{\mathcal{T}} \beta_{i+1}$ we have $\beta_i \lhd \beta_{i+1}$, hence by transitivity $\alpha \lhd \alpha$,
which is impossible. Let $j$ be the greatest index in $[1, k-1]$ such that $\beta_j \not\prec^2_{\mathcal{T}} \beta_{j+1}$.
We have $\beta_j \prec^1_{\mathcal{T}} \beta_{j+1} \prec^2_{\mathcal{T}} \beta_{j+2} \prec^2_{\mathcal{T}} \ldots \prec^2_{\mathcal{T}} \beta_k$.

Since $\beta_{j+1} \prec^2_{\mathcal{T}} \beta_{j+2}$, $\beta_{j+1}$ must be a layer, thus the only rule that can be
applied on $\beta_{j+1}$ is the Explosion rule. Since $\beta_j \prec^1_{\mathcal{T}} \beta_{j+1}$, $\beta_j$ cannot correspond
to the branch $n \leftarrow n + 1$ of the Explosion rule. Thus it corresponds to the
branch $n \leftarrow 0$. But then the nodes $\beta_j, \beta_{j-1}, \ldots$ cannot possibly contain $n$
(since no rule can introduce an occurrence of $n$ in the tableau, and since by
the application condition, the Loop Detection rule cannot be applied between a
leaf not containing $n$ and a layer containing $n$). Since $\beta_1 = \beta_k$ this means that
$\beta_k, \ldots, \beta_{j+1}$ contains no occurrence of $n$. But in this case the Explosion rule
cannot be applied on $\beta_{j+1}$, a contradiction. ■

Lemma 15 Let $\mathcal{T}$ be a tableau. $\mathfrak{R}(\mathcal{T})$ is convergent.

Proof. We extend the ordering $\prec_{\mathcal{T}}$ to the $\Delta$-symbols as follows: $\nu^\alpha \prec_{\mathcal{T}} \nu^\beta$
and $\mu^\alpha \prec_{\mathcal{T}} \mu^\beta$ if $\alpha \prec_{\mathcal{T}} \beta$. By definition of $\prec_{\mathcal{T}}$, it is easy to check that all the
rules above (except the $n + 1$-rewrite rule corresponding to the Explosion rule)
strictly decrease the value of the symbols $\nu^\alpha$ and $\mu^\alpha$. Furthermore, they do not
increase the value of the indices. The Explosion rule may increase the value of
these symbols but strictly decreases their indices. Thus termination is obvious.
Confluence is immediate: indeed, since each node is labeled by a set (and not
a multiset), the system is necessarily orthogonal (note that we assume that the
semantic properties of the logical connectives are not taken into account for the
matching, except the AC-properties of the $\wedge$ occurring at root level). ■

For any $\Delta$-expression $\Gamma$, we denote by $\Gamma\downarrow_{\mathfrak{R}(\mathcal{T})}$ the normal form of $\Gamma$. We
now state the soundness of our algorithm.

Lemma 16 states that the rewrite system $\mathfrak{R}(\mathcal{T})$ indeed fulfils the desired
property.



Lemma 16 Let T be a closed tableau. Let a be a node in T ■ Let k € N. Let 
T{a) — {(pi, ...,</>„}. Let Xi,. . . ,X n be a set of pairwise distinct variables in 
V. Let U = (0i V Xi) A ... A (<p n V X n ). Then k'Jj? (£7)4-<h(T) * s a derivation from 
UU of fi a (U)i nr) . 

Proof. The proof is by induction on the pair (a, k), using the lexicographic 
extension of the ordering -<j- on the nodes in T and of the usual ordering on 
natural numbers (this ordering is obviously well-founded since T is finite). We 
distinguish several cases, according to the expansion rule that is applied on a. 

• If no rule is applied on a then T(a) must contain _L. W.l.o.g., we as- 
sume that 4>i = _L. By Definition [TT1 we have ^J? (£7) 4-m(T) = Xi and 
H a {U) 4-<h(t)— thus the proof is immediate (since Xi is obviously a 
derivation of Xi). 

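• If the closure rule is applied on $\alpha$ then $\mathcal{T}(\alpha)$ must contain two schemata $\psi$
and $\neg\psi$. W.l.o.g., we assume that $\phi_1 = \psi$ and $\phi_2 = \neg\psi$. By Definition 11
we have $\nu_k^\alpha(U){\downarrow_{\mathfrak{R}(\mathcal{T})}} = (\psi \vee X_1) \cdot (\neg\psi \vee X_2) \cdot (X_1 \vee X_2)$ and
$\mu_k^\alpha(U){\downarrow_{\mathfrak{R}(\mathcal{T})}} = (X_1 \vee X_2)$, hence the proof is completed, since
$(\psi \vee X_1) \cdot (\neg\psi \vee X_2) \cdot (X_1 \vee X_2)$ is a derivation of $X_1 \vee X_2$.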

• Assume that $\wedge$-Decomposition is applied on a schema $\psi_1 \wedge \psi_2$. W.l.o.g.,
we assume that $\phi_1 = (\psi_1 \wedge \psi_2)$. Let $\beta$ be the child of $\alpha$. Let
$U' = (\phi_2 \vee X_2) \wedge \ldots \wedge (\phi_n \vee X_n)$, i.e. we have $U = ((\psi_1 \wedge \psi_2) \vee X_1) \wedge U'$. By
Definition!!]] we have v^[U)i^ {T) = v%((ipi V X x ) A (ip 2 A X 2 ) A U% m(T) 
and M Q (lO| K(r) = ^((ipi V Xi) A (ip 2 A X 2 ) A t/')lsK(T)- Thus, by the 
induction hypothesis, v^{{ipi V A (ip 2 V A 2 ) A t^)4-£R(7 - ) is a derivation 
from (V>i V Xi) A {ip 2 A X 2 ) A U'in of ^{U)\.^ {T) = ^ Q (C/)| m(r) . Hence 
it is also a derivation from U in since U and (tpi VXi) A (ip 2 A X 2 ) A U' 
share the same clausal forms. 

• Assume that $\vee$-Decomposition is applied on a schema $\psi_1 \vee \psi_2$. W.l.o.g.,
we assume that $\phi_1 = (\psi_1 \vee \psi_2)$. Let $\beta_1$ and $\beta_2$ be the children of $\alpha$
(corresponding to the schemata $\psi_1$ and $\psi_2$ respectively). Let
$U' = (\phi_2 \vee X_2) \wedge \ldots \wedge (\phi_n \vee X_n)$, i.e. we have $U = ((\psi_1 \vee \psi_2) \vee X_1) \wedge U'$. By
DefinitionrJU we have v%(U)Ik(T)= 4' (U)lm(T) ^ id' ( u ) A ^'H<K(T) 
and ^(C04«(T)= »k(4 l ( U ) A ^)^(T1- 

By the induction hypothesis, v^. 1 ([/) 4-ir(T) is a derivation from [/ 4--r of 
H^}(U) 4,fR(7"). Then, again by the induction hypothesis, ^{^{U) A 
U')l<n(T) is a derivation from fi^(U) A U' in of (j,&> (/if 1 (J7) A [/'Hk(T) 
i.e. of /i£ (£/)4-<R(T)- Consequently, ^J?(£^)4-iK(T) i s a derivation from U{.n 
of ^(17)4^(7-). 

• Assume that the Loop Detection rule is applied on $\alpha$, using a node $\beta$.
m{T) contains the rule v%{X) -)• v^{X) and <(A) -> /£ (X). Then the 
proof is straightforward, by the induction hypothesis. 



• Assume that the Purity rule is applied on $\alpha$, yielding a node $\beta$. Since
$\mathcal{T}(\alpha) \supseteq \mathcal{T}(\beta)$, the proof is immediate (a derivation from a set $S$ is also a
derivation from $S \cup S'$).

• Assume that Explosion is applied on $\alpha$, yielding two nodes $\beta_1$ and $\beta_2$
(corresponding respectively to the case $n \leftarrow 0$ and $n \leftarrow n + 1$). We
distinguish two cases, according to the value of k.

- If k = then we have v% (U)Xm(T)= "q 1 (£/)|<r(t) and Mfc(^H<R(T) = 
Mo 1 (^ r )J-SH(T)- -By t ne induction hypothesis, Vq 1 (Z7)4,tH(7~) is a deriva- 
tion from U of /Iq 1 (£^)4-k(t) hence the proof is completed. 

- If k > then i£(I7) | OT(r) = i£ x (l7) L* (r) and p»(l7) |«„ (r) = 
A t fcLi(C^) -i-K(T)- By the induction hypothesis, ^fi 1 (?7) ^k(t) i s a 
derivation from [/ of Mk— lC^O-kftfT) hence the proof is completed. ■ 

Note that (contrarily to all the other cases) we may have /3i >-f a, but 
we are using the induction hypothesis on v^}_ v This is possible since 
k-Kk. 

Furthermore, we have the following: 

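Lemma 17 Let $\mathcal{T}$ be a closed tableau. Let $\alpha$ be a node in $\mathcal{T}$. Let
$\mathcal{T}(\alpha) = \{\phi_1, \ldots, \phi_n\}$. $\mu_k^\alpha((\phi_1 \vee X_1) \wedge \ldots \wedge (\phi_n \vee X_n)){\downarrow_{\mathfrak{R}(\mathcal{T})}}$ is a
disjunction of formulas in $X_1, \ldots, X_n$.

Proof. By an immediate induction on $\mu_k^\alpha$. ■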

Thus in the case in which $X_1 = \ldots = X_n = \bot$, denotes a refutation
of $\mathcal{T}(\alpha)$, which entails the following theorem, showing the soundness of our
algorithm (and entailing in particular the completeness of the tableau calculus).

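Theorem 18 Let $\mathcal{T}$ be a closed tableau containing a node $\alpha$. Let n be the
parameter of $\mathcal{T}(\alpha)$. Let $\mathcal{T}(\alpha) = \{\phi_1, \ldots, \phi_n\}$ and let
$\Phi = (\phi_1 \vee \bot) \wedge \ldots \wedge (\phi_n \vee \bot)$.

For any $k \in \mathbb{N}$, $\nu_k^\alpha(\Phi\{n \leftarrow k\}){\downarrow_{\mathfrak{R}(\mathcal{T})}}$ is a refutation of
$\Phi\{n \leftarrow k\}{\downarrow_{\mathcal{R}}}$. Thus $\mathcal{T}(\alpha)$ is unsatisfiable.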

PROOF. By Lemma [TCI ^(<i>{n <- k})l^ T ) is a derivation from ${n <- /c}4_ K 
(hence also from ${n «— fc} |k) of /i£(${n <— fc}) l^cr)- By Lemma [T7l 
Ai£(${n<- fc})L Jt(r) = _L. ■ 

Note that the size of the rewrite system $\mathfrak{R}(\mathcal{T})$ is clearly linear w.r.t. the one
of the tableau $\mathcal{T}$.

The simplification phase used in Example Q21 can be applied in a systematic
way. However, it is not always sufficient to reduce the rewrite system into a
propositional one. Actually, it is not difficult to see that as soon as a node $\alpha$
exists in the tableau on which the $\vee$-Decomposition rule is applied, yielding two
branches $\beta_1$ and $\beta_2$ that are both looping on an ascendant of $\alpha$, then the use of
schema variables cannot be avoided.



Example 19 Consider for instance the schema $\phi$: $\neg p_0 \wedge \neg q_0 \wedge (p_n \vee q_n) \wedge v_n$,
where $v$ is defined by the rules: $v_{i+1} \to (q_i \vee \neg p_{i+1}) \wedge (p_i \vee \neg q_{i+1}) \wedge v_i$ and
$v_0 \to \top$. The following tableau is constructed:




[Tableau figure not recoverable from the source; its only surviving labels are two leaves marked $\bot$ (loop).]



The corresponding rewrite system (after partial evaluation and simplification)
is the following ($\nu^*$ corresponds to the refutation of $\phi$):

v\ (-ipo A -ig A (p n V g n ) A ti n ) 

i / n{~'Po A -.go A (p n V g n ) A v n ) • vl (-ip A -.go A g n A v n ) 
^o(^Po A (po V X) A F) -> -npo • (po V X) ■ X 
Vn+ihPo A -ig A (p n+ i V X) A v n +i) -»■ 

(p n+ i V X) ■ (g n V ^Pn+i) ■ (g n V X) • ^(-.po A -.go A (g n V X) A w n ) 
^o(^Po A (go Vl)AF)-> -.go ■ (go V X) ■ X 
^n+i(^Po A ^g A (g n+ i V X) A v n +i) -> 

(g n+ l V X) • (p n V -.g n +l) ■ (Pn V X) ■ ^ (-.po A ~.g A (p n V X) A Wn) 

The system still contains A-variables, although some of them have been
removed by static evaluation. Note that it could be further simplified (for
instance by moving the axioms such as $\neg p_0$ outside the inductive definitions),
but the use of A-variables cannot be avoided.



We now focus on an alternative approach that has the advantage that only 
propositional rewrite systems are generated. 



4 Globally looping tableaux 

Compared to the previous approach, the second algorithm generates much sim- 
pler rewrite systems, but it has the drawback that a more restrictive version of 
the Loop Detection rule must be used to prune the tableaux into finite ones. At 
a very high and informal level: in the first approach, we were building mutu- 
ally inductive proofs of several lemmata, whereas, in the second approach, we 
manage to have one single invariant proved by a single induction. 

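We first need to introduce some additional terminology. A node $\alpha$ is of rank
k in a tableau $\mathcal{T}$ of root $\beta$ if there are exactly k applications of the Explosion
rule between $\beta$ and $\alpha$ (including $\beta$, but not $\alpha$). $\mathrm{Leaves}(\mathcal{T}, \alpha)$ denotes the set of
non-closed leaves below $\alpha$ in $\mathcal{T}$, $\mathrm{Layers}(\mathcal{T}, k)$ denotes the set of layers of rank k
in $\mathcal{T}$ and $\mathrm{Layers}(\mathcal{T}, k, \alpha)$ denotes the set of layers of rank k in $\mathcal{T}$ that occur below
$\alpha$. For any set of formulae $\Phi$, we denote by $\bigwedge \Phi$ the conjunction $\bigwedge_{\phi \in \Phi} \phi$. If $\mathcal{T}$
is a tableau and N is a set of nodes in $\mathcal{T}$, then $\mathcal{T}[N]$ denotes the disjunction
$\bigvee_{\alpha \in N} \bigwedge \mathcal{T}(\alpha)$. We write $\mathrm{cnf}(\phi)$ for a (subsumption-minimal) clausal form of
$\phi{\downarrow_{\mathcal{R}}}$.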

Definition 20 A tableau $\mathcal{T}$ is globally looping (w.r.t. two natural numbers k
and n) iff the following conditions hold:

1. $n < k$.

2. $\mathcal{T}[\mathrm{Layers}(\mathcal{T}, k)] = \mathcal{T}[\mathrm{Layers}(\mathcal{T}, n)]$ (modulo AC and idempotence).

3. All non-closed leaves in $\mathcal{T}$ are of a rank greater or equal to k.

Then the Global Loop Detection rule closes every node in $\mathrm{Layers}(\mathcal{T}, k)$.

By definition, after the Global Loop Detection rule is applied, all branches
containing the parameter n are closed and the construction of the tableau is
over (since no leaf can be expanded anymore). Note that the Global Loop
Detection rule can be simulated by several applications of the Loop Detection
rule introduced in Section 2. Indeed, assume that a pair of natural numbers
(k, n) satisfying the conditions of Definition 20 exists. Then, by Condition 2, for
every layer $\alpha$ of rank k, there exists a layer $\beta$ of rank n such that $\mathcal{T}(\alpha) = \mathcal{T}(\beta)$.
Thus the Loop Detection rule applies on $\alpha$ (w.l.o.g. we assume that the layers
of rank n are constructed before those of rank k in all parallel branches, which
is possible since $n < k$). However, it is easy to see that the converse does not
hold: the Global Loop Detection rule is strictly less general than the looping
rule. It is, however, powerful enough to ensure termination, provided that a fair
strategy is used to expand the tableau, as stated by the following theorem:

Theorem 21 Let $(\mathcal{T}_i)_{i \in \mathbb{N}}$ be an infinite sequence of tableaux such that, for every
$i \in \mathbb{N}$, $\mathcal{T}_{i+1}$ is obtained from $\mathcal{T}_i$ by applying one of the Expansion rules of Section
other than the Loop Detection rule. Assume, moreover, that for every $k \in \mathbb{N}$,
there exists $n \in \mathbb{N}$ such that every non-closed leaf in $\mathcal{T}_n$ is of a rank greater
than k (i.e. no branch is indefinitely "frozen", the rank of the leaves increases
indefinitely). There exists $n \in \mathbb{N}$ such that $\mathcal{T}_n$ is globally looping.

Proof. We have shown (see the proof of Theorem 5) that the number of sets
$\mathcal{T}_i(\alpha)$ where $\alpha$ is a leaf in $\mathcal{T}_i$ is finite. Thus the set of sets of nodes
$\{\mathcal{T}_i(\alpha) \mid \alpha \in \mathrm{Layers}(\mathcal{T}_i, n)\}$ is also finite. Let k be a natural number that is strictly
greater than the cardinality of this set. By the hypothesis of the theorem,
there exists $n \in \mathbb{N}$ such that every leaf in $\mathcal{T}_n$ is of a rank greater than k. By
the pigeonhole argument, there exist two natural numbers $n' < k'$ such that
$\mathcal{T}[\mathrm{Layers}(\mathcal{T}_n, n')] = \mathcal{T}[\mathrm{Layers}(\mathcal{T}_n, k')]$. Then $\mathcal{T}_n$ is globally looping. ■

We now show that from every tableau $\mathcal{T}$, one can extract a resolution derivation
from the root of $\mathcal{T}$ of the disjunction of the leaves of $\mathcal{T}$. We first restrict
ourselves to tableaux built without the Explosion and Loop Detection rules. We
focus on such tableaux because they correspond to the subtrees that are found
"between" two layers in a tableau built without restriction on the rules. More
precisely, take a layer $\alpha$ of some rank m in a tableau $\mathcal{T}$ (built without restriction
on the rules). Then the subtree of $\mathcal{T}$ of root $\alpha$ and whose leaves are the layers of
rank m + 1 below $\alpha$ is indeed a tree built without Explosion nor Loop Detection
(by definition of a layer).

We first build derivations for such subtrees; those derivations will then be
used as the base elements for building the final schema of refutation. For such
a tree $\mathcal{T}$ and a node $\alpha$ of $\mathcal{T}$, the next definition introduces $A(\mathcal{T}, \alpha)$, which is
intended to be a derivation of $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \alpha)])$ from $\mathrm{cnf}(\mathcal{T}(\alpha))$.

Definition 22 Let $\mathcal{T}$ be a tableau constructed using the Expansion rules, except
the Explosion and Loop Detection rules. Let $\alpha$ be a node in $\mathcal{T}$. We define
a derivation $A(\mathcal{T}, \alpha)$ inductively, according to the rule that is applied on $\alpha$:

• If $\alpha$ is a leaf, then $A(\mathcal{T}, \alpha)$ is defined as the sequence of clauses in
$\mathrm{cnf}(\mathcal{T}(\alpha))$.

• If the Closure rule is applied on $\alpha$, using two formulae $\phi$ and $\neg\phi$, then
$A(\mathcal{T}, \alpha) = \phi \cdot \neg\phi \cdot \bot$ (notice that since the formulae are in NNF, $\phi$ must
be an atom).

• If the Normalisation, Purity or $\wedge$-Decomposition rule is applied on $\alpha$,
yielding a node $\beta$ then $A(\mathcal{T}, \alpha) = A(\mathcal{T}, \beta)$.

• Finally, assume that the $\vee$-Decomposition rule is applied on $\alpha$ yielding
two nodes $\beta_1$ and $\beta_2$. Let $\Phi_1$ and $\Phi_2$ be the clausal forms of $\phi_1$ and $\phi_2$
respectively. For any $C \in \Phi_2$ let $A'(C)$ be the derivation obtained from
$A(\mathcal{T}, \beta_1)$ by replacing every occurrence of a clause $D \in \Phi_1$ by $D \vee C$ (and
by adding the disjunction $\vee C$ to every descendant of $D$).

For any clause $C''$ in $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta_1)])$, we construct a derivation
$A''(C'')$ from $A(\mathcal{T}, \beta_2)$ by replacing every occurrence of a clause $D \in \Phi_2$
by $D \vee C''$ (and by adding the disjunction $\vee C''$ to every descendant of $D$).
Then $A(\mathcal{T}, \alpha)$ is the concatenation of all the derivations $A'(C)$ and $A''(C'')$
(with $C \in \Phi_2$ and $C'' \in \mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta_1)])$).

Only the case of disjunction is non-trivial. Informally, it does nothing more
than building, for two sets of clauses $S_1$ and $S_2$, a derivation of $\mathrm{cnf}(S_1 \vee S_2)$
from two derivations of $S_1$ and $S_2$.

The following lemma states that $A(\mathcal{T}, \alpha)$ satisfies the desired property:

Lemma 23 Let $\mathcal{T}$ be a tableau, constructed by using the previous expansion
rules, except the Explosion and Loop Detection rules. For all nodes $\alpha$ in $\mathcal{T}$,
$A(\mathcal{T}, \alpha)$ is a derivation of $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \alpha)])$ from $\mathrm{cnf}(\mathcal{T}(\alpha))$.

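Proof. The proof is by induction on the depth of $\mathcal{T}$. We distinguish several
cases, according to the rule applied on $\alpha$.

• If $\alpha$ is a leaf then $\mathrm{Leaves}(\mathcal{T}, \alpha) = \{\alpha\}$. Moreover, according to Definition
22, $A(\mathcal{T}, \alpha)$ is the sequence of formulae in $\mathrm{cnf}(\mathcal{T}(\alpha))$, thus the proof is
completed.

• If the Normalisation or $\wedge$-Decomposition rule is applied on $\alpha$, yielding a
node $\beta$ then we have $\mathrm{cnf}(\mathcal{T}(\alpha)) = \mathrm{cnf}(\mathcal{T}(\beta))$. Moreover, since $\alpha$ has only
one child, $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \alpha)]) = \mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta)])$. Hence the proof
is immediate, by the induction hypothesis.

• If the Purity rule is applied on $\alpha$, using a formula $\phi$, yielding a
node $\beta$ then by the induction hypothesis, $A(\mathcal{T}, \beta)$ is a derivation
of $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta)])$ from $\mathrm{cnf}(\mathcal{T}(\beta))$. Since $\alpha$ has only one child,
$\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \alpha)]) = \mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta)])$. Furthermore, $\mathrm{cnf}(\mathcal{T}(\alpha))$ is
of the form $\phi \wedge \mathrm{cnf}(\mathcal{T}(\beta))$ thus $A(\mathcal{T}, \beta)$ is also a derivation from $\mathrm{cnf}(\mathcal{T}(\alpha))$.
Since, by Definition 22, $A(\mathcal{T}, \alpha) = A(\mathcal{T}, \beta)$, the proof is completed.

• Finally, assume that the Disjunction rule is applied on $\alpha$, using a formula
$\phi_1 \vee \phi_2$. This yields two nodes $\beta_1$ and $\beta_2$, corresponding respectively
to $\phi_1$ and $\phi_2$. Let $\Phi_1$ and $\Phi_2$ be a cnf of $\phi_1$ and $\phi_2$ respectively. By
definition, $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \alpha)])$ is the clausal form of the disjunction of
$\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta_1)])$ and $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta_2)])$, hence every clause
occurring in $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \alpha)])$ is of the form $C_1 \vee C_2$ where $C_i$ occurs
in $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta_i)])$ ($i = 1, 2$). By the induction hypothesis $A(\mathcal{T}, \beta_1)$
is a derivation of $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta_1)])$ from $\mathrm{cnf}(\mathcal{T}(\beta_1))$. Thus in particular,
for every $C \in \Phi_2$, $A'(C)$ (see Definition 22 for the notations) is a
derivation from $\mathrm{cnf}(\mathcal{T}(\alpha))$ of either $C_1$ or $C_1 \vee C$. In the first case, the
formula $\phi_1$ is not needed for deriving $C_1$, thus actually, $C_1$ also occurs in
$\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{T}, \beta_2)])$. Since $C_1 \vee C_2$ is subsumption-minimal, we must
have actually $C_1 = C_2$ and the proof is completed. In the second case, by
the induction hypothesis $A(\mathcal{T}, \beta_2)$ is a derivation of $C_2$ from $\mathrm{cnf}(\mathcal{T}(\beta_2))$,
thus $A''(C_1)$ is a derivation of $C_1 \vee C_2$ from $\mathrm{cnf}(\mathcal{T}(\alpha)) \cup \{C_1 \vee D \mid D \in \Phi_2\}$.
Hence $A(\mathcal{T}, \alpha)$ is a derivation of $C_1 \vee C_2$ from $\mathrm{cnf}(\mathcal{T}(\alpha))$.

■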

Thus the function $\mathcal{T}(\alpha) \to A(\mathcal{T}, \alpha)$ allows us to build derivations from
subtrees of a whole tableau. Intuitively, the next step is to put together those
derivations according to the positions of the corresponding subtrees in the main
tableau. Consider a rank m in a tableau $\mathcal{T}$. One can apply the function A
to all the (parallel) subtrees whose root is a layer of rank m. Then we can do
the same at rank m + 1, append every resulting derivation to the derivation
obtained from the parent tree, and go on at rank m + 2, etc. This intuitively
gives the structure of a rewrite system where n decreases each time we go to
the next rank. However this gives us a tree-like structure (to every derivation
corresponding to a subtree U we append the derivations corresponding to all
the leaves of U, and go on with the trees below those leaves) similar to the
rewrite systems presented in Section 3. Instead we would like a more linear
structure. So we will consider at once all the layers of a given rank and get only
one derivation corresponding to those nodes. For this, we need a way to apply
A to all the subtrees at once. This is actually done by building a new tableau
from the subtrees.

Let $\mathcal{T}$ be a tableau of root $\alpha$. Assume that $\mathcal{T}$ is globally looping w.r.t. n
and k, with $n < k$. Let $m < k$. We denote by $\mathcal{U}(\mathcal{T}, m)$ a tableau whose root is
labeled by a formula $\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)]$ (note that we take all the layers of rank m
at a time), and obtained by applying the $\vee$ and $\wedge$-Decomposition and Closure
rules (and only these rules) until irreducibility. By definition, since the root
formula of $\mathcal{U}(\mathcal{T}, m)$ is the disjunction of the labels of the layers in $\mathrm{Layers}(\mathcal{T}, m)$,
every non-closed leaf $\beta$ of $\mathcal{U}(\mathcal{T}, m)$ is labeled by a set of formulas of the form
$\mathcal{T}(\gamma_\beta)$, where $\gamma_\beta \in \mathrm{Layers}(\mathcal{T}, m)$. Furthermore, for every $\gamma \in \mathrm{Layers}(\mathcal{T}, m)$,
there exists a leaf $\beta$ of $\mathcal{U}(\mathcal{T}, m)$ such that $\gamma_\beta = \gamma$. Since $m < k$ and since by
Definition 20 the leaves of $\mathcal{T}$ must be of a rank greater or equal to k, the node
$\gamma_\beta$ cannot be a leaf of $\mathcal{T}$. This implies that some rule is applied on $\gamma_\beta$. But
the only rule that is applicable on a layer (beside the Global Loop Detection
rule that cannot be applied on layers of a rank distinct from k) is the Explosion
rule. Hence $\mathcal{T}$ necessarily contains two subtableaux, written $\mathcal{T}_\beta^0$ and $\mathcal{T}_\beta^1$, of
roots $\mathcal{T}(\gamma_\beta)\{n \leftarrow 0\}$ and $\mathcal{T}(\gamma_\beta)\{n \leftarrow n + 1\}$ respectively. Then $\mathcal{V}^0(\mathcal{T}, m)$ and
$\mathcal{V}^1(\mathcal{T}, m)$ denote respectively the tableaux obtained from $\mathcal{U}(\mathcal{T}, m)\{n \leftarrow 0\}$ and
$\mathcal{U}(\mathcal{T}, m)\{n \leftarrow n + 1\}$ by:

• Replacing every leaf $\beta$ by $\mathcal{T}_\beta^0$ and $\mathcal{T}_\beta^1$ respectively.

• Removing, in the obtained tableau, all applications of the Explosion rule³
(and all the nodes that occur below such an application).

By definition, the leaves of $\mathcal{V}^0(\mathcal{T}, m)$ and $\mathcal{V}^1(\mathcal{T}, m)$ are layers. They correspond
either to the leaves of $\mathcal{T}$ or to the nodes in $\mathcal{T}$ on which Explosion is
applied (these nodes are of rank m + 1 in $\mathcal{T}$).

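Proposition 24 Let $\mathcal{T}$ be a tableau that is globally looping w.r.t. two numbers
$n < k$. Let $m < k$. For any non closed leaf $\beta$ of $\mathcal{U}(\mathcal{T}, m)$, $\mathcal{T}_\beta^0$ is closed and
$\mathrm{Layers}(\mathcal{T}_\beta^1, 0) = \mathrm{Layers}(\mathcal{T}, m + 1, \gamma_\beta)$.

Proof. By definition, all leaves not containing n in $\mathcal{T}$ must be closed. Thus
$\mathcal{T}_\beta^0$ is closed. Furthermore, by definition, the layers of rank 0 in $\mathcal{T}_\beta^1$ are the first
layers of every branch, i.e. the first layer after $\gamma_\beta$ in $\mathcal{T}$. Since $\gamma_\beta$ is a layer of
rank m in $\mathcal{T}$, such layers are of rank m + 1. ■

Corollary 25 Let $\mathcal{T}$ be a tableau that is globally looping w.r.t. two numbers
$n < k$. Let $m < k$. Let $\beta$ and $\beta'$ be the roots of $\mathcal{V}^0(\mathcal{T}, m)$ and $\mathcal{V}^1(\mathcal{T}, m)$
respectively. $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{V}^0(\mathcal{T}, m), \beta)]) = \bot$ and
$\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{V}^1(\mathcal{T}, m), \beta)]) = \mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m + 1)])$.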

³ Note that, although no application of the Explosion rule occurs in $\mathcal{U}(\mathcal{T}, m)$, some
applications of this rule may occur in $\mathcal{T}_\beta^i$.



Proof. The first point stems directly from Proposition. For the second
point, we only have to remark that by definition a node occurs in $\mathrm{Layers}(\mathcal{T}, m + 1)$
iff it occurs in some set $\mathrm{Layers}(\mathcal{T}, m + 1, \gamma_\beta)$, where $\beta$ is a leaf of $\mathcal{U}(\mathcal{T}, m)$
(since the leaves of $\mathcal{U}(\mathcal{T}, m)$ are exactly the layers of rank m in $\mathcal{T}$). ■

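By applying the above function $A(\mathcal{T}, \alpha)$ on the two tableaux $\mathcal{V}^1(\mathcal{T}, m)$ and
$\mathcal{V}^0(\mathcal{T}, m)$, we define the following derivations (where $\alpha$ denotes the root of
$\mathcal{V}^1(\mathcal{T}, m)$ and $\mathcal{V}^0(\mathcal{T}, m)$):

$A^1(\mathcal{T}, m) = A(\mathcal{V}^1(\mathcal{T}, m), \alpha)$        $A^0(\mathcal{T}, m) = A(\mathcal{V}^0(\mathcal{T}, m), \alpha)$

The following lemma states essential properties of $A^1(\mathcal{T}, m)$ and $A^0(\mathcal{T}, m)$: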

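Lemma 26 Let $\mathcal{T}$ be a tableau that is globally looping w.r.t. two numbers $n < k$.
Let $m < k$.

• $A^0(\mathcal{T}, m)$ is a refutation of $\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)])\{n \leftarrow 0\}$.

• If $m < k - 1$ then $A^1(\mathcal{T}, m)$ is a derivation from
$\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)])\{n \leftarrow n + 1\}$ of $\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m + 1)])$.

• $A^1(\mathcal{T}, k - 1)$ is a derivation from $\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)])\{n \leftarrow n + 1\}$ of
$\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, n)])$.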

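Proof. Let $\beta$ and $\beta'$ be the roots of $\mathcal{V}^1(\mathcal{T}, k)$ and $\mathcal{V}^0(\mathcal{T}, k)$ respectively.
By Lemma 23, $A^1(\mathcal{T}, m)$ is a derivation from $\mathrm{cnf}(\mathcal{V}^1(\mathcal{T}, m)(\beta))$ of
$\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{V}^1(\mathcal{T}, m), \beta)])$. By definition of $\mathcal{V}^1(\mathcal{T}, m)$, the root of $\mathcal{V}^1(\mathcal{T}, m)$
is labeled by $\Phi\{n \leftarrow n + 1\}$, where $\Phi$ is the root of $\mathcal{U}(\mathcal{T}, m)$. By definition
of $\mathcal{U}(\mathcal{T}, m)$, $\Phi = \mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)]$. Hence $A^1(\mathcal{T}, k)$ is a derivation from
$\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)])\{n \leftarrow n + 1\}$. Similarly, $A^0(\mathcal{T}, m)$ is a derivation from
$\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)])\{n \leftarrow 0\}$.

By Corollary 25, $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{V}^1(\mathcal{T}, m), \beta)]) = \mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m + 1)])$.
Furthermore, if $m = k - 1$, then since $\mathcal{T}$ is globally looping we have
$\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m + 1)]) = \mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, n)])$.

Similarly, $\mathrm{cnf}(\mathcal{T}[\mathrm{Leaves}(\mathcal{V}^1(\mathcal{T}, m), \beta)]) = \bot$. ■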

Let $\mathcal{T}$ be a tableau that is globally looping w.r.t. two numbers $n < k$. We
associate to each natural number $m < k$ a symbol $\gamma^m$. Let $\mathfrak{R}^*(\mathcal{T})$ be the system
containing the following rules. Note that $\mathcal{V}^0(\mathcal{T}, m)$ and $\mathcal{V}^1(\mathcal{T}, m)$ are defined
only w.r.t. the rank m, but not w.r.t. a particular node. Thus, contrarily to
the transformation of Section 3, there is not one derivation per node, but rather
one derivation per rank.

7 ,r -»■ A° (T, m) 7^ -»■ A 1 (T, m) ■ 7n m+1 (if m + 1< fe) 7^+1 ~* A ' (T. k ) ' 7? 

Intuitively, we are appending the derivations, rank after rank, until we reach
the rank k where the Global Loop Detection applies. In this case we get back at
the rank of looping n. Thus we can see the use of grouping the derivations by
rank (instead of node) as it allows us to benefit from the simplified form of looping
induced by the Global Loop Detection rule. In the end, the resulting rewrite
system is indeed much simpler.

Proposition 27 $\mathfrak{R}^*(\mathcal{T})$ is convergent.

Proof. Termination is easy to obtain since the rules in $\mathfrak{R}^*(\mathcal{T})$ strictly decrease
the value of the indices of the symbols $\gamma^k$. Furthermore, $\mathfrak{R}^*(\mathcal{T})$ is obviously
orthogonal. ■

Note that, by definition, $\mathfrak{R}^*(\mathcal{T})$ is always propositional (unlike $\mathfrak{R}(\mathcal{T})$).

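Theorem 28 Let $\mathcal{T}$ be a tableau of root $\alpha$ that is globally looping w.r.t. two
numbers n, k, with $n < k$. Let $m < k$. For all $i \in \mathbb{N}$, $\gamma_i^m{\downarrow_{\mathfrak{R}^*(\mathcal{T})}}$ is a refutation of
$\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)])\{n \leftarrow i\}{\downarrow_{\mathcal{R}}}$. Thus in particular, if $\alpha$ is a layer,
$\gamma_i^0{\downarrow_{\mathfrak{R}^*(\mathcal{T})}}$ is a refutation of $\mathcal{T}(\alpha)\{n \leftarrow i\}{\downarrow_{\mathcal{R}}}$.

Proof. This follows by induction on i. If $i = 0$ then we have, by definition
of the rules in $\mathfrak{R}^*(\mathcal{T})$: $\gamma_0^m{\downarrow_{\mathfrak{R}^*(\mathcal{T})}} = A^0(\mathcal{T}, m){\downarrow_{\mathcal{R}}}$. By Lemma 26 (first point),
$A^0(\mathcal{T}, m){\downarrow_{\mathcal{R}}}$ is a refutation of $\mathrm{cnf}(\mathcal{T}[\mathrm{Layers}(\mathcal{T}, m)])\{n \leftarrow 0\}{\downarrow_{\mathcal{R}}}$.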

If i > then we have 7]™ im*(T)= h l (T,m)ln {n <- i} ■ 7™+* W(T)- 
If m < k — 1, then by Lemma [26] (second point), A 1 (T, m) is a derivation 
from cnf(T[Layers(T, m)]){n <— n + 1} of cnf(T[Layers(T, m + 1)]), hence 
A 1 (T, i — 1) in is a derivation from cnf(T[Layers(T, m)]){n <— i} Itz of 
cnf(T[Layers(7~, m + l)]){n 4— i — 1} 4-7^- Then by the induction hypothesis, 
7™l 4-*r*(T) is a refutation of cnf(T[Layers(T, m + l)])a{n <s— i — 1}4k- 

If to = fc— 1, then by Lemma [26l (second point), A 1 (7~, m) is a derivation from 
cnf(T[Layers(T, m)]){n n+1} of cnf(T[Layers(T, n)]), hence A 1 (7", i — 1)4-tc is 
a derivation from cnf(T[Layers(T, m)]){n <— of cnf(T[Layers(T, n)]){n «- 
* — l}4rc- Then by the induction hypothesis, 7j1i4m*(T) is a refutation of 
cnf(T[Layers(T, ra)])a{n <— i — 

When a is not a layer, the rewrite system is easily adapted by prepending 
the derivation obtained by applying A to the subtree of T whose leaves are the 
layers of rank 0. 

Example 29 Consider the tableau of Example [T5]. This tableau is actually
globally looping. The following rewrite system is constructed (after partial
evaluation and simplification):

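$\gamma_0 \to (p_0 \vee q_0) \cdot \neg p_0 \cdot q_0 \cdot \neg q_0 \cdot \bot$

$\gamma_{n+1} \to (p_{n+1} \vee q_{n+1}) \cdot (q_n \vee \neg p_{n+1}) \cdot (q_n \vee q_{n+1}) \cdot (p_n \vee \neg q_{n+1}) \cdot (q_n \vee p_n) \cdot \gamma_n$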

Compared with the system produced by the previous method (see Example
19), these rules are obviously simpler (no schema variable is needed, and only
linear recursion is used). Furthermore, it is easy to check that they generate
much shorter derivations.
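
The two rules of Example 29 can be unfolded for a fixed value of the parameter and the resulting clause sequence checked step by step. The following Python sketch is an added illustration, not part of the original paper: it takes the schema stated in Example 19 as input, and it assumes that a step is justified when it is an input clause, a clause already in the sequence, or a binary resolvent of two earlier clauses. All function names are hypothetical.

```python
"""Unfold the rewrite system of Example 29 and check the result by resolution."""


def lit(sym, idx, pos=True):
    # A literal is (symbol, index, polarity); a clause is a frozenset of literals.
    return (sym, idx, pos)


def clause(*lits):
    return frozenset(lits)


def gamma(k):
    """Normal form of gamma_k: the gamma_{n+1} rule applied k times, then gamma_0."""
    seq = []
    for n in range(k - 1, -1, -1):
        seq += [
            clause(lit("p", n + 1), lit("q", n + 1)),
            clause(lit("q", n), lit("p", n + 1, False)),
            clause(lit("q", n), lit("q", n + 1)),
            clause(lit("p", n), lit("q", n + 1, False)),
            clause(lit("q", n), lit("p", n)),
        ]
    seq += [
        clause(lit("p", 0), lit("q", 0)),
        clause(lit("p", 0, False)),
        clause(lit("q", 0)),
        clause(lit("q", 0, False)),
        clause(),  # the empty clause (bottom)
    ]
    return seq


def schema_clauses(k):
    """Clause set of the schema of Example 19 with the parameter n set to k."""
    cs = {clause(lit("p", 0, False)), clause(lit("q", 0, False)),
          clause(lit("p", k), lit("q", k))}
    for i in range(k):  # unfolding of v_k down to v_0 -> top
        cs.add(clause(lit("q", i), lit("p", i + 1, False)))
        cs.add(clause(lit("p", i), lit("q", i + 1, False)))
    return cs


def resolvents(c1, c2):
    """All binary resolvents of two clauses."""
    out = set()
    for (s, i, pos) in c1:
        if (s, i, not pos) in c2:
            out.add((c1 - {(s, i, pos)}) | (c2 - {(s, i, not pos)}))
    return out


def first_unjustified(seq, inputs):
    """Index of the first clause that is neither an input, a repeat, nor a
    resolvent of two earlier clauses; None if every step is justified."""
    seen = []
    for pos, c in enumerate(seq):
        ok = c in inputs or c in seen or any(
            c in resolvents(a, b) for a in seen for b in seen)
        if not ok:
            return pos
        seen.append(c)
    return None


def is_refutation(seq, inputs):
    """True if seq ends with the empty clause and every step is justified."""
    return (bool(seq) and seq[-1] == frozenset()
            and first_unjustified(seq, inputs) is None)


if __name__ == "__main__":
    for k in range(4):
        print(k, len(gamma(k)), is_refutation(gamma(k), schema_clauses(k)))
```

The checker rejects a sequence unfolded for one parameter value when it is run against the clause set of another, which is the property a certifier for prover output relies on.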



5 Conclusion 



Two distinct algorithms have been designed for extracting schemata of reso- 
lution proofs from closed tableaux. This work is motivated by the fact that 
such refutations are needed for some natural applications of schemata calculus 
(unsatisfiability detection is not always sufficient). In particular, the explicit
generation of the proofs (even in the form of proof schemata) makes possible 
the certification of the results produced by the provers. The first algorithm 
tackles the tableau calculus in its full generality, but it yields very complex rep- 
resentations of the derivations (which will make them less usable in practice, 
in particular they are not very informative for a human user). The second one 
uses a less powerful calculus, but it generates schemata of refutations in a much 
simpler format (propositional rewrite systems are obtained). 

There is thus a natural trade-off between the two presented methods: none of 
them is uniformly superior to the other. The choice between the two algorithms 
should be made according to the considered applications, and/or to the form of 
the constructed tableaux. In some cases, as shown by the examples in Section 
[21 the first approach generates a propositional rewrite system. In this case 
it should of course be preferred. Future work includes the implementation of 
the two methods and the precise evaluation of the complexity of the second 
algorithm. One could also wonder whether a polynomial algorithm generating 
propositional derivations exists for the general case. We conjecture that the use 
of A-variables cannot be avoided in general. 